[Ffmpeg-devel] ffmpeg assertion failure

Bob Forsman thoth
Fri Nov 11 18:08:00 CET 2005


I made ffmpeg (checked out from CVS this morning) fail an assertion by
feeding it a NAL stream from a Tandberg 5930 encoder.

I'm trying to write a custom JNI module which takes NAL units and gives
me back rendered RGB frames.  I was able to reproduce my problem using
the ffmpeg tool.

The sample file (305k) is available at 
http://www.purplefrog.com/~thoth/x/nal-stream-explodes-ffmpeg.nal

(gdb) run -f h264 -i /tmp/4  /tmp/5.avi
Starting program: /home/thoth/vendor/ffmpeg/ffmpeg_g -f h264 -i /tmp/4  /tmp/5.avi
ffmpeg version CVS, build 3277056, Copyright (c) 2000-2004 Fabrice Bellard
  configuration:  --disable-mmx 
  built on Nov  2 2005 14:19:01, gcc: 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)
[h264 @ 0x8318170]Unknown NAL code: 12
Input #0, h264, from '/tmp/4':
  Duration: N/A, bitrate: N/A
  Stream #0.0, 59.94 fps: Video: h264, yuv420p, 352x480
File '/tmp/5.avi' already exists. Overwrite ? [y/N] y
Output #0, avi, to '/tmp/5.avi':
  Stream #0.0,   nan fps: Video: mpeg4, yuv420p, 352x480, q=2-31, 200 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
[h264 @ 0x8318170]Unknown NAL code: 12
ffmpeg_g: h264.c:3550: fill_default_ref_list: Assertion `best_i != (-2147483647 - 1)' failed.

Program received signal SIGABRT, Aborted.
0xb7e82941 in kill () from /lib/libc.so.6
(gdb) bt
#0  0xb7e82941 in kill () from /lib/libc.so.6
#1  0xb7e826e5 in raise () from /lib/libc.so.6
#2  0xb7e83a66 in abort () from /lib/libc.so.6
#3  0xb7e7be9d in __assert_fail () from /lib/libc.so.6
#4  0x0821d1b3 in fill_default_ref_list (h=0xb7d1c020) at h264.c:3550
#5  0x08220068 in decode_slice_header (h=0xb7d1c020) at h264.c:4374
#6  0x0822c017 in decode_nal_units (h=0xb7d1c020, buf=0x8388c10 "", 
    buf_size=3447) at h264.c:7479
#7  0x0822c7ee in decode_frame (avctx=0x8388400, data=0xbfcc11b0, 
    data_size=0xbfcc127c, buf=0x8388c10 "", buf_size=3447) at h264.c:7654
#8  0x080b2598 in avcodec_decode_video (avctx=0x8388400, picture=0xbfcc11b0, 
    got_picture_ptr=0xbfcc127c, buf=0x8388c10 "", buf_size=3447) at utils.c:905
#9  0x080573d6 in output_packet (ist=0x8396dc0, ist_index=0, 
    ost_table=0x83886d0, nb_ostreams=1, pkt=0xbfcc1380) at ffmpeg.c:1222
#10 0x08059e4a in av_encode (output_files=0x831f540, nb_output_files=1, 
    input_files=0x831f440, nb_input_files=1, stream_maps=0x831f5a0, 
    nb_stream_maps=0) at ffmpeg.c:2058
#11 0x0805e7e1 in main (argc=6, argv=0xbfcc1864) at ffmpeg.c:4257
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xb7e82921 to 0xb7e82961:
0xb7e82921 <sigprocmask+61>:    fsubrp %st,%st(0)
0xb7e82923 <sigprocmask+63>:    mov    $0xcd,%ch
0xb7e82925 <sigprocmask+65>:    (bad)  
0xb7e82926 <sigprocmask+66>:    decl   0xffffbe30(%ecx)
0xb7e8292c <sigprocmask+72>:    (bad)  
0xb7e8292d <sigprocmask+73>:    ljmp   *%ebx
0xb7e8292f <sigprocmask+75>:    jecxz  0xb7e828ba <sigaction+42>
0xb7e82931 <kill+1>:    fimull 0x8b08244c(%ebx)
0xb7e82937 <kill+7>:    pop    %esp
0xb7e82938 <kill+8>:    and    $0x4,%al
0xb7e8293a <kill+10>:   mov    $0x25,%eax
0xb7e8293f <kill+15>:   int    $0x80
0xb7e82941 <kill+17>:   mov    %edx,%ebx
0xb7e82943 <kill+19>:   cmp    $0xfffff001,%eax
0xb7e82948 <kill+24>:   jae    0xb7e8294b <kill+27>
0xb7e8294a <kill+26>:   ret    
0xb7e8294b <kill+27>:   push   %ebx
0xb7e8294c <kill+28>:   call   0xb7e6f3b8 <ff_msmp4_dc_luma_vlc+2947484376>
0xb7e82951 <kill+33>:   add    $0xe36a3,%ebx
0xb7e82957 <kill+39>:   xor    %edx,%edx
0xb7e82959 <kill+41>:   sub    %eax,%edx
0xb7e8295b <kill+43>:   push   %edx
---Type <return> to continue, or q <return> to quit---
0xb7e8295c <kill+44>:   call   0xb7e6f2d8 <ff_msmp4_dc_luma_vlc+2947484152>
End of assembler dump.
(gdb) info all-registers
eax            0x0      0
ecx            0x6      6
edx            0xb7f65ff4       -1208590348
ebx            0x7510   29968
esp            0xbfcbd7a8       0xbfcbd7a8
ebp            0xbfcbd7bc       0xbfcbd7bc
esi            0x6      6
edi            0xbfcbd850       -1077159856
eip            0xb7e82941       0xb7e82941
eflags         0x246    582
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0
st0            0        (raw 0x00000000000000000000)
st1            0        (raw 0x00000000000000000000)
st2            0        (raw 0x00000000000000000000)
st3            0        (raw 0x00000000000000000000)
st4            4719     (raw 0x400b9378000000000000)
st5            4720     (raw 0x400b9380000000000000)
st6            1.000000000000000015902891109759918e+100 (raw 0x414b924d692ca61be---Type <return> to continue, or q <return> to quit---
800)
st7            0.36703333333333332255676850763848051    (raw 0x3ffdbbebcb066ac4e000)
fctrl          0x37f    895
fstat          0x21     33
ftag           0xffff   65535
fiseg          0x73     115
fioff          0x80599df        134584799
foseg          0x7b     123
fooff          0xbfcc1358       -1077144744
fop            0x1c9    457
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
---Type <return> to continue, or q <return> to quit---
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
mxcsr          0x1f80   8064
mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
---Type <return> to continue, or q <return> to quit---
mm1            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 
    0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4            {uint64 = 0x9378000000000000, v2_int32 = {0x0, 0x93780000}, 
  v4_int16 = {0x0, 0x0, 0x0, 0x9378}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x78, 0x93}}
mm5            {uint64 = 0x9380000000000000, v2_int32 = {0x0, 0x93800000}, 
  v4_int16 = {0x0, 0x0, 0x0, 0x9380}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x80, 0x93}}
mm6            {uint64 = 0x924d692ca61be800, v2_int32 = {0xa61be800, 
    0x924d692c}, v4_int16 = {0xe800, 0xa61b, 0x692c, 0x924d}, v8_int8 = {0x0, 
    0xe8, 0x1b, 0xa6, 0x2c, 0x69, 0x4d, 0x92}}
mm7            {uint64 = 0xbbebcb066ac4e000, v2_int32 = {0x6ac4e000, 
    0xbbebcb06}, v4_int16 = {0xe000, 0x6ac4, 0xcb06, 0xbbeb}, v8_int8 = {0x0, 
    0xe0, 0xc4, 0x6a, 0x6, 0xcb, 0xeb, 0xbb}}


#4  0x0821d1b3 in fill_default_ref_list (h=0xb7d1c020) at h264.c:3550
3550                assert(best_i != INT_MIN);
(gdb) list
3545                        best_poc= poc;
3546                        best_i= i;
3547                    }
3548                }
3549                
3550                assert(best_i != INT_MIN);
3551                
3552                limit= best_poc;
3553                sorted_short_ref[out_i]= *h->short_ref[best_i];
3554                tprintf("sorted poc: %d->%d poc:%d fn:%d\n", best_i, out_i, sorted_short_ref[out_i].poc, sorted_short_ref[out_i].frame_num);





More information about the ffmpeg-devel mailing list